Restrict Publishing Folders on ArcGIS Server when Federated

1757
6
03-30-2017 03:18 PM
Status: Closed
MarissaWalter
New Contributor II

We have users that make maps using desktop software, which are then published to our portal (federated environment). Their publishing rights are controlled through publisher roles that are configured within the portal site. When they publish services, they have the ability to publish anywhere on server - which is explained in this server documentation:


"If a role's type is set to either Administrator or Publisher, that role automatically gets implicit access permission to all GIS web services hosted on the ArcGIS Server site. This implicit permission cannot be overridden by changing the permissions on a service or folder."

This is problematic as services get published all over the server, including in the root. Because this happens behind the scenes, users are often not aware of where their services ended up on the server - making maintenance, clean up, and troubleshooting of services difficult and time consuming. Our support team currently has to monitor each folder for any services that do not belong there, manually look up the owner in portal, reach out, help them publish again into the correct location, and then delete the original from the wrong location.

We would like the ability to enforce publishing locations on the server so that we can eliminate these extra steps and keep everything "behind the scenes" clean and organized. 

6 Comments
AnthonyRyanEQL

Agree with this. I work for an organisation with only 6 publishers and missing the step to select the correct folder when publishing can cause big issues with services all over the place. With the abilily of not being able to move the service to the correct folder makes cleanup difficult & time consuming.

EricJackson1

I agree.  We are just getting started with Portal and I can already see that this will be a problem that will take too much time to manage.

MaggieBusek
Status changed to: Closed

Thank you for your post! We now support the ability to create custom roles with which you can assign more fine grained privileges to users. If these custom roles do not address your specific use case, please post a new idea with details on how we can improve!

AxelLévy

Sorry but i don't see how i can prevent publishers from creating folders on the arcgis server directory... 

DeanMoiler

I agree, this would still be a very useful capability to have. Custom roles have been around quite some time, though they have gotten more fine grained they don't allow restriction of publisher users to create folders for server based services.

You can restrict users from publishing to entire servers, by changing the server role, but not from publishing anywhere / creating folders on the server.

DeanMoiler_0-1693468004892.png

I can see another idea has been published related to this which I have added my support to: 

Prevent or limit ArcGIS Pro publisher ability to c... - Esri Community